Skype Worm – w32/Ramex.A – How to get rid of it

A new Windows worm is spreading through Skype chat messages. Skype’s Heartbeat Blog says that computers already infected by the worm will send a chat message to other users.

The chat message contains a link that looks like it points to an image file, but it leads to the virus file. Clicking the link prompts you for permission to run a .scr file; if you grant it, that will install the virus, dubbed w32/Ramex.A.

(F-Secure calls the virus W32/Skipi.A and Symantec calls it W32.Pykspa.D.)

Update your anti-virus software; the Skype blog says that F-Secure, Kaspersky Lab and Symantec have all posted updates that will remove the virus.

Experienced users can follow these steps to get rid of the virus:

1. Restart the PC in safe mode
2. Run regedit
3. Go to HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce and find the entry with mshtmldat32.exe. Delete this entry.
4. Go to the Windows\System32 directory and delete the following files: wndrivs32.exe, mshtmldat32.exe, winlgcvers.exe, sdrivew32.exe
5. Go to Windows\System32\drivers\etc
6. Find the file named hosts
7. Open it with Notepad, press Ctrl+A and delete all entries (this will resume your antivirus updates), then save and close.
8. Restart the PC.
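
Before deleting anything by hand, it helps to see which of these artifacts are actually present. The script below is an added example, not part of the original post: a read-only PowerShell check for the RunOnce entry, the four files and the hosts-file entries named in the steps above. The function names are hypothetical, and treating `localhost` lines as normal is an assumption of this example.

```powershell
# Added example: read-only check; it reports findings and changes nothing.
$runOnce = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$files   = 'wndrivs32.exe', 'mshtmldat32.exe', 'winlgcvers.exe', 'sdrivew32.exe'
$sys32   = Join-Path $env:windir 'System32'
$hosts   = Join-Path $sys32 'drivers\etc\hosts'

# Return RunOnce values whose name or data mentions the given file name.
function Get-RunOnceHits {
    param([string]$KeyPath, [string]$Needle)
    if (-not (Test-Path $KeyPath)) { return }
    $key = Get-Item -Path $KeyPath
    foreach ($name in $key.GetValueNames()) {
        $value = [string]$key.GetValue($name)
        if ($name -like "*$Needle*" -or $value -like "*$Needle*") {
            "  $name = $value"
        }
    }
}

# Return hosts lines that are not comments, blank, or plain localhost mappings
# (assumption of this example: localhost lines are expected and not reported).
function Get-ActiveHostsEntries {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return }
    Get-Content -Path $Path |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
        Where-Object { $_ -ne '' -and $_ -notmatch '^\S+\s+localhost$' } |
        ForEach-Object { "  $_" }
}

'RunOnce values referencing mshtmldat32.exe:'
Get-RunOnceHits -KeyPath $runOnce -Needle 'mshtmldat32.exe'

'Named files present in System32:'
$files | ForEach-Object { Join-Path $sys32 $_ } |
    Where-Object { Test-Path $_ } | ForEach-Object { "  $_" }

'Active hosts entries to review:'
Get-ActiveHostsEntries -Path $hosts
```

Empty sections mean that artifact was not found; any hosts lines listed are the ones step 7 would remove, so note legitimate entries before clearing the file.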

What I prefer is: don’t click on any link that is suspicious or sent by strangers (email, IM, whatever).